AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior version, and listings, of claims in the 

application. 

Listing of Claims 
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1 . (Currently Amended) A method comprising: 

receiving data from a network application program interface (API); 

determining if the data is eligible for a security operation , wherein eligibility 
is determined bv selector data contained in the data : 

creating a selector based on the selector data, wherein said selector 
indicates at least a portion of the data and a security association: 

applying the security operation to the data if the data is eligible , wherein 
applying the security operation comprises using the security association on the at least 
a portion of the data : and 

sending the data to which the security operation has been applied to a 
network protocol layer. 



2. (Currently Amended) The method of claim 1 further comprising: w herein- 
dotormining i f tho data io o li gib l o for a socur i ty operat i on compr i ses: 



creat i ng a se l ector basod on th e data, said s e l e ctor to rofor e ncos a databas e 
socur i ty assoc i at i ons; and 

G o arching the database for a s e cur i ty assoc i at i on corrospond i ng to tho s e l e ctor 
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using said selector to search a database of security associations for at least one 
selector/security association pair identifying a security association corresponding to the 
selector. 

3. (Currently Amended) The nnethod of claim 2 1 wherein cr e at i ng the selector 
data is based [[on]] at least in part on one of an internet protocol address taken from the 
data and a port indicator taken from the data. 

4. (Currently Amended) The method of claim 1 wherein applying the security 
operation comprises at least one of: 

attaching a header to the data, said header including a security operation tag; 
performing an integrity check; and 
encrypting the data. 

5. (Currently Amended) The method of claim 1 wherein determining if the data 
is eligible for the security operation and applying the security operation if the data is 
eligible depends , at least in part upon a local selector/security association pair at a 
sending client corresponding to a remote selector/security association pair at a 
receiving client, said local selector/security association pair and said remote 
selector/security association pair having been received from a key server. 

6. (Currently Amended) A method comprising: 

receiving data from a network protocol layer; 



A 
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determining if the data is eligible for a security operation , wherein eliqibilitv 
is deternnined by selector data contained in the data : 

creating a selector based on the selector data, said selector indicating at 
least a portion of the data and a security association; 

applying the security operation to the data if the data is eligible , wherein 
applying the security operation comprises using the security association on the at least 
a portion of the data : and 

sending the data to which the security operation has been applied to a 
network application program interface (API). 

7. (Original) The method of claim 6 wherein determining if the data is eligible for 
a security operation comprises at least one of: 

detecting a security operation tag in a header of the data; and 
detecting failure of an integrity check on the data. 

8. (Currently Amended) The method of claim 6 further comprising: wh e r ei n 
determ i n i ng if tho data i s e l igib l e for a socurity operation compr i sos: 

creat i ng a s e lector based on tho data, sa i d soloctor to roforoncos a databas e of 
socurity assoc i ations; and 

coarch i ng tho database for a socurity associat i on correspond i ng to tho so l octor. 

using said selector to search a database of security associations for at least one 
selector/security association pair identifying a security association corresponding to the 
selector. 
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9. (Original) The method of claim 8 further comprising: 

blocking the data from being sent to the network API if no security 
association corresponding to the selector is found. 

10. (Original) The method of claim 6 wherein determining if the data is eligible for 
the security operation comprises: 

determining that the data is not eligible for the security operation if a 
selector that references a database of security associations cannot be created based on 
the data. 



1 1 . (Currently Amended) The method of claim 6 wherein determining if the data 
is eligible for the security operation comprises: 

blocking the data from being send to the network API if the data includes 
selector data i nformat i on but no selector can be created from it. 
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12. (Canceled) 

13. (Currently Amended) The method of claim 6 wherein the security 
association comprises at least one of: 

applying encryption to the data: 
remoyinq special packaging from the data; 
applying decryption to the data; and 



or 
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performing an integrity check on the data. 

14. (Currently Amended) A machine readable storage medium having stored 
thereon machine executable instructions, execution of said machine executable 
instructions being operable to implement a method comprising: 

receiving data from a network application program interface (API); 

determining if the data is eligible for a security operation , wherein eligibility 
is determined by selector data contained in the data : 

creating a selector based on the selector data, wherein said selector 
indicates at least a portion of the data and a security association: 

applying the security operation to the data if the data is eligible , wherein 
applying the security operation comprises using the security association on the at least 
a portion of the data : and 

sending data to which the security operation has been applied to a 
network protocol layer. 

15. (Currently Amended) The machine readable storage medium of claim 14 
further comprising: whoro i n dotormin i ng i f tho data io oligib l o for a socurity operat i on 
compris e s: 

creat i ng a so l octor based on tho data, said so lo ctor to roforonces a databaso of 
socur i ty assoc i ations; and 

soarching tho databaso for a socur i ty associat i on corresponding to tho so l octor. 
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using said selector to search a database of security associations, for at least one 
selector/security association pair Identifying a corresponding a security association. 

16. (Currently Amended) The machine readable storage medium of claim [[15]] 
14 wherein cr e ating the selector data is based [[on]] at least in part on one of an 
internet protocol address taken from the data and a port indicator taken from the data. 
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17. (Currently Amended) The machine readable storage medium of claim 14 
wherein applying the security operation comprises at least one of: 

attaching a header to the data, said header including a security operation tag; 
performing an integrity check: and 
encrypting the data. 

18. (Currently Amended) The machine readable storage medium of claim 14 
wherein determining if the data is eligible for the security operation and applying the 
security operation if the data is eligible depends upon a local selector/security 
association pair at a sending client corresponding to a remote selector/security 
association pair at a receiving client, said local selector/security association pair and 
said remote selector/security association pair having been received from a key server. 

19. (Currently Amended) A machine readable storage medium having stored 
thereon machine executable instructions, execution of said machine executable 
instructions being operable to implement a method comprising: 
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receiving data from a network protocol layer; 

detemiining if the data is eligible for a security operation , wherein eliaibilitv 
is determined bv selector data contained in the data : 

creating a selector based on the selector data, said selector indicating at 
least a portion of the data and the security association: 

applying the security operation to the data if the data is eligible , wherein 
applying the security operation comprises using a security association on the at least a 
portion of the data : and 

sending the data to which the security operation has been applied t o a 
network application program interface (API). 

20. (Original) The machine readable medium of claim 19 wherein detemiining if 
the data is eligible for a security operation comprises at least one of: 

detecting a security operation tag in a header of the data; and 
detecting failure of an integrity check on the data. 

21. (Currently Amended) The machine readable medium of claim 19 further 
haying stored thereon machine executable instnjction. execution of said machine 
executable instruction being operable to implement a method further comprising: 
whoroin dotorm i n i ng if the data io ol i g i blo for a ooour i ty operation compr i sos: 

croat i ng a so l octor bas e d on tho data, said so l ootor to roforoncos a databaoo of 
ooour i ty aosooiat i ons; and 

ooarch i ng the databaso for a ooourity asoooiation oorrospond i ng to tho coloctor. 
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using said selector to search a database of security associations for at least one 
selector/security association pair identifying a security association corresponding to the 
selector 
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22. (Original) The machine readable medium of claim 21 further comprising: 

blocl<ing the data from being sent to the network API if no security 
association corresponding to the selector is found. 

23. (Original) The machine readable medium of claim 19 wherein determining if 
the data is eligible for the security operation comprises: 

determining that the data is not eligible for the security operation if a 
selector that references a database of security associations cannot be created based on 
the data. 

24. (Currently Amended) The machine readable medium of claim 19 wherein 
determining if the data is eligible for the security operation comprises: 

blocking the data from being send to the network API if the data includes 
selector data informat i on but no selector can be created from it. 

25. (Canceled) 

26. (Currently Amended) The method of claim 6 wherein the security 
association comprises at least one of: 
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applying encryption to the data: 
remoyinq special packaging from the data: 
applying decryption to the data; and 
performing an integrity check on the data, 

27. (Currently Amended) A management seryer apparatus comprising: 

a processing unit to; 
receiye data from a network application program interface (API), 
[[to]] determine if the data is eligible for a security operation, wherein eligibility is 

determined by selector data contained in the data, 

create a selector based on the selector data, wherein said selector indicates at 

least a portion of the data and a security association, 

[[to]]apply the security operation to the data if the data is eligible , wherein 

applying the security operation comprises using the security association on the at least 

a portion of the data , 

[[to]]apply the security operation to the data if the data is eligible, and 
[[to]]send the data to which the security operation has been applied to a network 

protocol layer. 

28. (Currently Amended) A management server apparatus comprising: 

a processing unit to; 
receive data from a network protocol layer, 
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• • 

[[to]] determine if the data is eliaible for a securitv ooeration, wherein eliqibilitv is 
determined bv selector data contained in the data, 

create a selector based on the selector data, said selector indicatina at least a 
Dortion of the data and a securitv association; 

[[tn]] apply the security operation to the data if the data is eliaible. wherein 
aoDlvina the securitv operation comprises usina the securitv association on the at least 




a Dortion of the data, and 

[[to]] send the data to which the securitv operation has been aoolied to a network 
application program interface (API). 
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